Re: Frontswap [PATCH 0/4] (was Transcendent Memory): overview

From: Avi Kivity
Date: Fri Apr 30 2010 - 14:26:51 EST


On 04/30/2010 08:52 PM, Jeremy Fitzhardinge wrote:
> On 04/30/2010 09:16 AM, Avi Kivity wrote:
> > Given that whenever frontswap fails you need to swap anyway, it is
> > better for the host to never fail a frontswap request and instead back
> > it with disk storage if needed. This way you avoid a pointless vmexit
> > when you're out of memory. Since it's disk backed it needs to be
> > asynchronous and batched.
>
> I'd argue the opposite. There's no point in having the host do swapping
> on behalf of guests if guests can do it themselves; it's just a
> duplication of functionality.

The problem with relying on the guest to swap is that it's voluntary. The guest may not be able to do it. When the hypervisor needs memory and guests don't cooperate, it has to swap.

But I'm not suggesting that the host swap on behalf of the guest. Rather, the guest swaps to (what it sees as) a device with a large write-back cache; the host simply manages that cache.

> You end up having two IO paths for each
> guest, and the resulting problems in trying to account for the IO,
> rate-limit it, etc. If you can simply say "all guest disk IO happens
> via this single interface", it's much easier to manage.

With tmem you have to account for that memory, make sure it's distributed fairly, claim it back when you need it (requiring guest cooperation), live migrate and save/restore it. It's a much larger change than introducing a write-back device for swapping (which has the benefit of working with unmodified guests).

> If frontswap has value, it's because it's providing a new facility to
> guests that doesn't already exist and can't be easily emulated with
> existing interfaces.
>
> It seems to me the great strengths of the synchronous interface are:
>
> * it matches the needs of an existing implementation (tmem in Xen)
> * it is simple to understand within the context of the kernel code
>   it's used in
>
> Simplicity is important, because it allows the mm code to be understood
> and maintained without having to have a deep understanding of
> virtualization.

If we use the existing paths, things are even simpler, and we match more needs (hypervisors with dma engines, the ability to reclaim memory without guest cooperation).

> One of the problems with CMM2 was that it puts a lot of
> intricate constraints on the mm code which can be easily broken, which
> would only become apparent in subtle edge cases in a CMM2-using
> environment. An additional async frontswap-like interface - while not as
> complex as CMM2 - still makes things harder for mm maintainers.

No doubt CMM2 is hard to swallow.

> The downside is that it may not match some implementation in which the
> get/put operations could take a long time (i.e., physical IO to a slow
> mechanical device). But a general Linux principle is not to overdesign
> interfaces for hypothetical users, only for real needs.
>
> Do you think that you would be able to use frontswap in kvm if it were
> an async interface, but not otherwise? Or are you arguing a hypothetical?

For kvm (or Xen, with some modifications) all of the benefits of frontswap/tmem can be achieved with the ordinary swap. It would need trim/discard support to avoid writing back freed data, but that's good for flash as well.

The advantages are:
- just works
- old guests
- <1 exit/page (since it's batched)
- no extra overhead if no free memory
- can use dma engine (since it's asynchronous)

> > At this point we're back with the ordinary swap API. Simply have your
> > host expose a device which is write cached by host memory, you'll have
> > all the benefits of frontswap with none of the disadvantages, and with
> > no changes to guest code.
>
> Yes, that's comfortably within the "guests page themselves" model.
> Setting up a block device for the domain which is backed by pagecache
> (something we usually try hard to avoid) is pretty straightforward. But
> it doesn't work well for Xen unless the blkback domain is sized so that
> it has all of Xen's free memory in its pagecache.

Could be easily achieved with ballooning?

> That said, it does concern me that the host/hypervisor is left holding
> the bag on frontswapped pages. An evil/uncooperative/lazy can just pump
> a whole lot of pages into the frontswap pool and leave them there. I
> guess this is mitigated by the fact that the API is designed such that
> they can't update or read the data without also allowing the hypervisor
> to drop the page (updates can fail destructively, and reads are also
> destructive), so the guest can't use it as a clumsy extension of their
> normal dedicated memory.

Eventually you'll have to swap frontswap pages, or kill uncooperative guests. At which point all of the simplicity is gone.

--
Do not meddle in the internals of kernels, for they are subtle and quick to panic.
